Fast Elliptic-Curve Cryptography on the Cell Broadband Engine

Authors:
Neil Costigan;Peter Schwabe
Affiliations:
School of Computing, Dublin City University, Glasnevin, Dublin 9, Ireland;Department of Mathematics and Computer Science, Technische Universiteit Eindhoven, Eindhoven, Netherlands 5600 MB
Venue:
AFRICACRYPT '09 Proceedings of the 2nd International Conference on Cryptology in Africa: Progress in Cryptology
Year:
2009

Citing 4
Cited 8

Guide to Elliptic Curve Cryptography

Guide to Elliptic Curve Cryptography
Fast and Small Short Vector SIMD Matrix Multiplication Kernels for the Synergistic Processing Element of the CELL Processor

ICCS '08 Proceedings of the 8th international conference on Computational Science, Part I
On Software Parallel Implementation of Cryptographic Pairings

Selected Areas in Cryptography
Curve25519: new diffie-hellman speed records

PKC'06 Proceedings of the 9th international conference on Theory and Practice of Public-Key Cryptography

Montgomery multiplication on the cell

PPAM'09 Proceedings of the 8th international conference on Parallel processing and applied mathematics: Part I
High-performance modular multiplication on the cell processor

WAIFI'10 Proceedings of the Third international conference on Arithmetic of finite fields
On the correct use of the negation map in the Pollard rho method

PKC'11 Proceedings of the 14th international conference on Practice and theory in public key cryptography conference on Public key cryptography
High-speed high-security signatures

CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
Solving a 112-bit prime elliptic curve discrete logarithm problem on game consoles using sloppy reduction

International Journal of Applied Cryptography
Solving a 112-bit prime elliptic curve discrete logarithm problem on game consoles using sloppy reduction

International Journal of Applied Cryptography
NEON crypto

CHES'12 Proceedings of the 14th international conference on Cryptographic Hardware and Embedded Systems
Elligator: elliptic-curve points indistinguishable from uniform random strings

Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper is the first to investigate the power of the Cell Broadband Engine for state-of-the-art public-key cryptography. We present a high-speed implementation of elliptic-curve Diffie-Hellman (ECDH) key exchange for this processor, which needs 697080 cycles on one Synergistic Processor Unit for a scalar multiplication on a 255-bit elliptic curve, including the costs for key verification and key compression. This cycle count is independent of inputs therefore protecting against timing attacks. This speed relies on a new representation of elements of the underlying finite field suited for the unconventional instruction set of this architecture. Furthermore we demonstrate that an implementation based on the multi-precision integer arithmetic functions provided by IBM's multi-precision math (MPM) library would take at least 2227040 cycles. Comparison with implementations of the same function for other architectures shows that the Cell Broadband Engine is competitive in terms of cost-performance ratio to other recent processors such as the Intel Core 2 for public-key cryptography. Specifically, the state-of-the-art Galbraith-Lin-Scott ECDH software performs 27370 scalar multiplications per second using all four cores of a 2.5GHz Intel Core 2 Quad Q9300 inside a $296 computer, while the new software reported in this paper performs 27474 scalar multiplications per second on a Playstation 3 that costs just $221. Both of these speed reports are for high-security 256-bit elliptic-curve cryptography.